reporangler / auth-service

A webservice to handle authentication for repository access
MIT License

Give users permissions #14

Closed christhomas closed 5 years ago

christhomas commented 5 years ago

Each user should have a set of permissions giving them access to something. Examples are

This should then allow us to add extra permissions and denormalise the flags that a user might need in order to perform an action or know what they can or can't do.

Right now we have a repository_type field on the user. This is set to "npm" or "php". But we could replace this with a permission over that repository instead. Then we don't need to have a fixed field for this and we can perhaps add or remove types dynamically.

The other example would be that when a package group is created for the first time, the first user added to that group would be the manager of that group, giving them special abilities over the other users.

An example of that might be if a package group is private, you can add a user to it but this instead creates a request to join that has to be accepted by the manager, who can add/remove users from the group.

The package group manager could also be given a user management permission by default allowing that user to add or remove users to the groups that they are managers over.

So these permissions can be implemented to define how users behave in the system, what they can and cannot do, depending on their permissions.

christhomas commented 5 years ago

I've implemented a set of capabilities which can be read out with the user data and then checked with Lumen policies when executing requests.
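
The permission model discussed in this issue, sketched as an added example that is not part of the thread or of auth-service's code. It assumes PHP 8.1+, and the class names and capability strings (`repository:npm`, `group:<name>:manage`) are hypothetical.

```php
<?php
declare(strict_types=1);
// Hypothetical model; class and capability names are illustrative only.
final class User
{
    private array $caps = [];
    public function __construct(public readonly string $name) {}
    public function grant(string $cap): void { $this->caps[$cap] = true; }
    // Deny by default: only an explicitly granted capability passes.
    public function can(string $cap): bool { return isset($this->caps[$cap]); }
}

final class PackageGroup
{
    private array $members = [];
    private array $pending = [];
    public function __construct(private string $name, private bool $private) {}
    // Returns the outcome: "manager", "member" or "pending".
    public function add(User $user): string
    {
        if ($this->members === []) {
            // The first user added to the group becomes its manager.
            $user->grant("group:{$this->name}:manage");
            $this->members[$user->name] = $user;
            return 'manager';
        }
        if ($this->private) {
            // Private group: record a join request instead of adding.
            $this->pending[$user->name] = $user;
            return 'pending';
        }
        $this->members[$user->name] = $user;
        return 'member';
    }
    // Only a holder of this group's manage capability may accept a request.
    public function approve(User $actor, string $name): bool
    {
        if (!$actor->can("group:{$this->name}:manage") || !isset($this->pending[$name])) {
            return false;
        }
        $this->members[$name] = $this->pending[$name];
        unset($this->pending[$name]);
        return true;
    }
}
$alice = new User('alice'); $bob = new User('bob'); // constructed sample users
$alice->grant('repository:npm'); // capability replacing repository_type = "npm"
$group = new PackageGroup('acme', true);
var_dump($group->add($alice), $group->add($bob));
var_dump($group->approve($bob, 'bob'), $group->approve($alice, 'bob'));
```

In a Lumen application the same `can()` check would sit inside a policy or gate callback, so a request is refused unless the capability was loaded with the user data.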